Download raw body.
gotd: unveil in PROFILE builds
apply_unveil_none() hides whole file system and it makes getpwuid fail in PROFILE builds diff /home/misha/work/got commit - c000aa350eac5ac329beb278a513e5f978d2a463 path + /home/misha/work/got blob - 23fb7de78a4d49528a35ce6f683badab359d83bc file + gotd/gotd.c --- gotd/gotd.c +++ gotd/gotd.c @@ -1667,6 +1667,7 @@ static void fatal("unveil"); } +#ifndef PROFILE static void apply_unveil_none(void) { @@ -1676,6 +1677,7 @@ apply_unveil_none(void) if (unveil(NULL, NULL) == -1) fatal("unveil"); } +#endif static void apply_unveil_selfexec(void) @@ -1841,12 +1843,12 @@ main(int argc, char **argv) #ifndef PROFILE if (pledge("stdio sendfd unix unveil", NULL) == -1) err(1, "pledge"); -#endif /* * Ensure that AF_UNIX bind(2) cannot be used with any other * sockets by revoking all filesystem access via unveil(2). */ apply_unveil_none(); +#endif listen_main(title, fd, gotd.connection_limits, gotd.nconnection_limits); @@ -1856,7 +1858,6 @@ main(int argc, char **argv) #ifndef PROFILE if (pledge("stdio getpw recvfd unix unveil", NULL) == -1) err(1, "pledge"); -#endif /* * We need the "unix" pledge promise for getpeername(2) only. * Ensure that AF_UNIX bind(2) cannot be used by revoking all @@ -1864,6 +1865,7 @@ main(int argc, char **argv) * files will still work since "getpw" bypasses unveil(2). */ apply_unveil_none(); +#endif auth_main(title, &gotd.repos, repo_path); /* NOTREACHED */
gotd: unveil in PROFILE builds